Dateline: Russia's hybrid war against Ukraine.
Ukraine at D+531: Spyware attempt against tactical networks. (CyberWire) Long-range strikes, continued ground attacks, possible diversionary activities, and Black Sea combat mark Russia's war at midweek. Ukraine says it detected and stopped a spyware campaign against its tactical networks.
Russia-Ukraine war: List of key events, day 532 (Al Jazeera) Here is the situation on Wednesday, August 9, 2023.
Russia-Ukraine war at a glance: what we know on day 532 of the invasion (the Guardian) Ukrainian forces have made an attempt to cross the Dnieper River dividing liberated and occupied Kherson; at least 45 injured in blast outside Moscow
Russia-Ukraine war live: factory explosion near Moscow injures 45 but cause remains unclear (the Guardian) Russian media reports people remain trapped after explosion at Zagorsk optical-mechanical plant
A Missile Strikes the Heart of a Ukrainian City — and Then Another (New York Times) Ukrainians say the explosions 37 minutes apart in Pokrovsk, which killed at least nine people and injured 82 others, were a “double tap” intended to kill rescuers responding to the first strike.
Ukraine Cites More Russian Shelling Of Cities, Russia Says 'Thwarts' Drone Attack On Moscow (RadioFreeEurope/RadioLiberty) Ukrainian military officials on August 9 cited more than 30 frontline clashes amid counteroffensive operations in the past 24 hours, while Russia blamed Kyiv for what it said was a twin drone attack targeting Moscow that it "thwarted" with no casualties or damage to the capital.
Turbulent Waters: How the Black Sea Became a Hot Spot in the War (New York Times) The Black Sea, a largely overlooked part of the war in Ukraine, is suddenly a cauldron of military and geopolitical tensions. The region is deeply important to Moscow, Ukraine and the West.
Ukraine-Russia war live: Ukraine 'highly unlikely' to make major breakthrough (The Telegraph) Ukraine is “highly unlikely” to make a major breakthrough in its counter-offensive to retake territory held by Russia, senior US and Western officials have said, citing “sobering” intelligence.
U.S.-Made Cluster Munitions Fuel Ukrainian Counteroffensive (Wall Street Journal) The bombs are destroying Russian trenches and artillery systems in an area where Ukrainian troops had struggled to advance.
Ukraine’s slow counteroffensive is a wake-up call for the West (Atlantic Council) Ukraine’s lack of counteroffensive progress over the past two months should serve as a wake-up call for Western leaders. Their response will shape the geopolitical landscape for decades to come, writes Maksym Skrypchenko.
Odesa urgently needs an air defense upgrade as Russia escalates airstrikes (Atlantic Council) Ukrainian Black Sea port Odesa has recently been hit by a series of Russian air attacks that have caused devastation in the city's UNESCO-listed historic center and highlighted the need for improved air defenses, writes Michael Bociurkiw.
How — and when — Ukraine's war with Russia could end (CNBC) It's become abundantly clear that Ukraine's counteroffensive won't produce quick results. And Western governments could be supporting Ukraine into 2025.
Deal struck to send German-made Leopard 1 tanks from Belgium to Ukraine (Reuters) Dozens of second-hand Leopard 1 tanks that once belonged to Belgium have been bought by another European country for Ukrainian forces fighting Russia's invasion, the arms trader who did the deal said Tuesday.
Ukraine says it prevented Russian hacking of armed forces combat system (Reuters) Ukrainian special services have foiled an attempt by Russian hackers to penetrate the Ukrainian Armed Forces' combat information system, the SBU security service said on Tuesday.
Ukraine says it thwarted attempt to breach military tablets (Record) Ukrainian security services say the Russian state-backed hacking group known as Sandworm planned an operation using at least seven new strains of malware aimed at battlefield tablet computers.
Russian secret services try to penetrate operation planning electronic system of Ukraine's army (Ukrainska Pravda) Cyber specialists of the Security Service of Ukraine (SSU) have blocked attempts by Russian military intelligence to gain access to the Armed Forces' combat data exchange system.
Russia ‘tops list of suspects’ in cyber attack which exposed data of 40m UK voters (The Telegraph) Electoral Commission revealed on Tuesday it had been the victim of a successful ‘complex cyber attack’ from ‘hostile actors’
Electoral Commission hack: Five things you need to know (Computing)
‘Hostile actors’ hacked British voter registry, electoral agency says (Washington Post) Britain’s Electoral Commission announced Tuesday that it had identified a cyberattack, which went unnoticed for at least 14 months, that gave “hostile actors” access to its systems.
Electoral Commission apologises for security breach involving UK voters’ data (the Guardian) Names and addresses of 40 million registered voters were accessible as far back as 2021 after cyber-attack
U.K. Sanctions Target Foreign Suppliers for Russia’s Military (New York Times) New measures announced Tuesday will affect businesses in Turkey, Dubai and Iran, as well as individuals that Britain says have supplied weaponry or components needed to sustain Russia’s war in Ukraine.
Attacks, Threats, and Vulnerabilities
Chinese hackers targeted at least 17 countries across Asia, Europe and North America (Record) Hackers affiliated with China’s Ministry of State Security targeted a range of government, telecommunications and research organizations across at least 17 countries since 2021, according to a new report.
RedHotel: A Prolific, Chinese State-Sponsored Group Operating at a Global Scale (Recorded Future) RedHotel (formerly tracked as TAG-22) is one of the most prominent, active, Chinese state-sponsored threat activity groups tracked by Recorded Future’s Insikt Group.
Cloud Account Takeover Campaign Leveraging EvilProxy Targets Top-Level Executives at over 100 Global Organizations (Proofpoint) Over the last six months, Proofpoint researchers have observed a dramatic surge of over 100% in successful cloud account takeover incidents impacting high-level executives at leading...
Analysts Say Use of Spyware During Conflict Is Chilling (VOA) Nagorno-Karabakh conflict a common thread between Armenian journalists, lawyers and others targeted by Pegasus spyware, Amnesty says
Defense chief: No leaks confirmed from reported Chinese attack (The Asahi Shimbun) No leaks of confidential security information have been confirmed, Defense Minister Yasukazu Hamada said Aug. 8, after the Washington Post reported that Chinese military hackers had infiltrated Japan’s defense networks in a devastating cyberattack.
Pakistani investigators using ‘old version’ of Israeli UFED digital intelligence software — officials (Arab News) Pakistan’s Federal Investigation Agency (FIA) has been using an “old version” of a cybertechnology software from the Israeli digital intelligence company Cellebrite to combat crime, espionage and terror financing, two serving officials and one retired officer of the department with direct knowledge of the issue have said. Last week, Israeli newspaper Haaretz reported that the FIA and various police units in Pakistan had been using Cellebrite software since at least 2012.
Anatomy of an Account Takeover Attack: Capra (HUMAN) Learn about the anatomy of an account takeover attack called Capra. Discover how hackers target betting platforms and how HUMAN's Bot Defender and Credential Intelligence help prevent such attacks.
New Yashma Ransomware Variant Targets Multiple English-Speaking Countries (The Hacker News) Yashma ransomware is on the rampage, hitting English-speaking nations, Bulgaria, China, and Vietnam! Leaked builders are fueling these attacks.
Suspected Vietnamese hacker targets Chinese, Bulgarian organizations with new ransomware (Record) Researchers believe a new strain of ransomware is being used to target organizations in China, Vietnam, Bulgaria and several other English-speaking countries.
Black Hat USA 2023 – Bitdefender macOS Threat Report Reveals Key Dangers for Mac Users (Bitdefender) In its 26th year, Black Hat USA returns to Vegas with a six-day schedule. Bitdefender is on the floor at the Mandalay Bay Convention Center releasing its latest macOS Threat Landscape Report – a valuable resource that looks at the key threats targeting Macs worldwide.
‘Downfall’ vulnerability leaves billions of Intel CPUs at risk (CyberScoop) A major vulnerability in Intel’s x86 chips raises questions about the assumptions underlying computer security models.
New Inception attack leaks sensitive data from all AMD Zen CPUs (BleepingComputer) Researchers have discovered a new and powerful transient execution attack called 'Inception' that can leak privileged secrets and data using unprivileged processes on all AMD Zen CPUs, including the latest models.
Fantastic Rootkits: And Where To Find Them (Part 3) – ARM Edition (CyberArk) In this blog, we will discuss innovative rootkit techniques on a non-traditional architecture, Windows 11 on ARM64. In the prior posts, we covered rootkit techniques applied to a...
WormGPT and FraudGPT – The Rise of Malicious LLMs (Trustwave) As technology continues to evolve, there is a growing concern about the potential for large language models (LLMs), like ChatGPT, to be used for criminal purposes. In this blog we will discuss two such LLM engines that were made available recently on underground forums, WormGPT and FraudGPT.
Meet the Brains Behind the Malware-Friendly AI Chat Service ‘WormGPT’ (KrebsOnSecurity) WormGPT, a private new chatbot service advertised as a way to use Artificial Intelligence (AI) to help write malicious software without all the pesky prohibitions on such activity enforced by ChatGPT and Google Bard, has started adding restrictions on how…
Kubernetes Exposed: One Yaml away from Disaster (Aquasec) We found two main misconfigurations in Kubernetes clusters belonging to more than 350 organizations openly accessible and largely unprotected.
macOS utility NightOwl now contains shady botnet code (Six Colors) A few years back, I recommended an app called NightOwl, which allows you to toggle your Mac between dark and light mode on a schedule. While I used it for a while, it eventually got supplanted by b…
Every police officer in Northern Ireland has data compromised in 'monumental' breach due to human error (Sky News) The PSNI Assistant Chief Constable admitted the breach was made in "human error" and apologised to colleagues whose data was made public for two and a half to three hours.
PSNI apologises to staff after major data breach (RTE.ie) The Police Service of Northern Ireland has apologised after information about all of the force's serving officers and staff was published in a data breach.
Department of Social Services encourages Missourians to monitor and protect their identity after third-party cyberattack (Missouri Department of Social Services)
American National Insurance Company Experiences Data Breach Affecting Consumers’ Social Security Numbers (JD Supra) On August 7, 2023, American National Group, better known as American National Insurance Company (“ANICO”), filed a notice of data breach with the...
Insight into the 2022 Top Routinely Exploited Vulnerabilities (VulnCheck) VulnCheck provides additional insight into CISA's 2022 Top Routinely Exploited Vulnerabilities by looking at the availability of exploits and examining which threat actors, botnets, and ransomware crews used the vulnerabilities.
Security Patches, Mitigations, and Software Updates
Android 14 introduces first-of-its-kind cellular connectivity security features (Google Online Security Blog) Posted by Roger Piqueras Jover, Yomna Nasser, and Sudhi Herle. Android is the first mobile operating system to introduce advanced cellular...
Patch Tuesday: Adobe Patches 30 Acrobat, Reader Vulns (SecurityWeek) Adobe rolls out a big batch of security updates to fix at least 30 Acrobat and Reader vulnerabilities affecting Windows and macOS users.
Patch Tuesday: Microsoft (Finally) Patches Exploited Office Zero-Days (SecurityWeek) Patch Tuesday August 2023: A month after confirming exploitation of Office code execution flaws, Microsoft issued patches for multiple products.
Microsoft Releases August 2023 Security Updates (Cybersecurity and Infrastructure Security Agency CISA) Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system.
Fortinet Releases Security Update for FortiOS (Cybersecurity and Infrastructure Security Agency CISA) CISA released two Industrial Control Systems (ICS) advisories on August 8, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
ICSA-23-220-01 Schneider Electric IGSS
ICSA-23-220-02 Hitachi Energy RTU500 series
Adobe Releases Security Updates for Multiple Products (Cybersecurity and Infrastructure Security Agency CISA) Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker can exploit some of these vulnerabilities to take control of an affected system.
CVE-2023-34034 Spring WebFlux Security Bypass Write-up & PoC (JFrog) Understanding the Spring Security CVE-2023-34034 vulnerability. Read our detailed analysis, learn what's vulnerable and discover remediations.
Trends
CrowdStrike Releases the 2023 Threat Hunting Report (CrowdStrike) The CrowdStrike 2023 Threat Hunting Report reveals identity-based attacks and hands-on-keyboard activity on the rise as adversaries look to bypass defenses.
2023 Threat Hunting Report (CrowdStrike) Download the report to discover trends in ransomware, endpoint and workload attacks, and strategies for protecting your organization.
Trends & Challenges from IT Teams Managing Apple Devices (Addigy) Our new report sheds light on the key IT trends and challenges faced by IT teams managing Apple devices in today's rapidly evolving corporate landscape.
Cyber Threats Impacting the Food and Agriculture Sector (Food Safety) While ransomware is the most common cyberattack vector for businesses, other cyber threats can be far more dangerous to the food supply system, as discussed in this article.
India most targeted country by religiously motivated hacktivists (mint) Security firms are now using machine learning and artificial intelligence algorithms to analyze the massive amounts of data from multiple sources including network traffic, endpoints, and applications, to tackle this menace.
Checkmarx CISO Study Finds 96% of CISOs Say Their Business Prospects Consider Their Organizations' AppSec Maturity When Making Deal Decisions (PR Newswire) Checkmarx, the global leader in application security solutions, today released its "Global CISO Survey: The Growing Impact of AppSec on...
Marketplace
Nobody Beats Wiz: Meet The Aggressive, $10 Billion Startup Shaking Up Cloud Security (Forbes) $200 million in sales. A $10 billion valuation. New billionaire Assaf Rappaport has built Wiz into one of software’s fastest-growing startups ever. But the CEO’s approach is leaving singed eyebrows.
Sweet Security Lands $12 Million in Seed Funding to Shift Cloud Security Right (PR Newswire) Sweet Security today announced $12 million in seed funding and the launch of its Cloud Runtime Security Suite. The round was led by Glilot...
Seattle startup Dropzone AI, which develops autonomous AI security agents, raises $3.5M (GeekWire) Dropzone AI announced a $3.5 million seed round led by Decibel Partners, with participation from Pioneer Square Ventures Fund.
Rubrik Acquires DSPM Leader Laminar to Accelerate Cloud Data Security (Rubrik) Rubrik announced it has signed an agreement to acquire Laminar, a leading data security posture management (DSPM) platform. This acquisition supports Rubrik’s leadership position as one of the preeminent data security platforms and furthers the company’s mission to secure the world’s data.
Rubrik is Named a Leader, Positioned Furthest in Vision in the 2023 Gartner® Magic Quadrant™ for Enterprise Backup and Recovery Software Solutions (GlobeNewswire News Room) Data security provider recognized as a Leader and furthest in Vision for fourth year in a row...
Boston cybersecurity company Rapid7 to lay off 470 workers (Boston Business Journal) The company announced a “restructuring plan” to eliminate 18% of its workforce. It had over 2,600 full-time employees as of the beginning of the year and over 700 employees in Massachusetts.
A Message from Rapid7 CEO, Corey Thomas (Rapid7) Earlier today, the following email was shared with Rapid7 employees.
Q-CTRL first independent quantum software vendor to achieve ISO 27001 certification (Research & Development World) Q-CTRL has achieved ISO/IEC 27001:2022 certification, making it the first independent software vendor (ISV) in the quantum technology sector to obtain this internationally recognized standard.
Cellebrite Wins Five Forensic Focus 4:cast Awards, Reinforcing Standing as Digital Intelligence Leader (Yahoo Finance) Cellebrite DI Ltd. (Nasdaq: CLBT), a global leader in Digital Intelligence (DI) solutions for the public and private sectors, is thrilled to win five prestigious 2023 Forensic Focus 4:cast Awards. “Cellebrite’s nominations and awards highlight our leadership and commitment to continually innovate...
Black Hat Preview: The Business of Cyber Takes Center Stage (SecurityWeek) The business of cybersecurity will take center stage at Black Hat 2023 as struggling startups jostle for attention with shiny booths and Las Vegas parties.
Protegrity Announces Executive Leadership Changes as Company Accelerates Strategy as the Global Leader in Borderless Data Protection (Protegrity) As the company scales toward next phase of growth, new CPO and CFO appointments highlight Protegrity’s culture of excellence and upward mobility
Products, Services, and Solutions
SandboxAQ Launches Sandwich, an Open Source Meta-Library of Cryptographic Algorithms to Speed the Implementation of Agile Cryptography (SandboxAQ) Sandwich enables developers to create their own stack, or “sandwich,” of protocols and implementations that becomes available as a cohesive cryptographic object.
DigiCert Expands Certificate Lifecycle Management to Multi-CA, Multi-Cloud Environments (DigiCert) DigiCert today announced the expansion of its certificate management platform, DigiCert Trust Lifecycle Manager, to provide full lifecycle support for multiple CAs including Microsoft CA and AWS CA, as well as integration with ServiceNow to support existing IT service workflows.
Expel Vulnerability Prioritization Now Generally Available (Business Wire) Prioritization solution surfaces the vulnerabilities that pose the greatest risk, coupled with specific guidance for an org to address, quickly
Entara Further Expands Offerings with Launch of Vulnerability Management as a Service (Entara Blog) Industry-leading incident response and managed services firm launches new service
Protecting Your Mobile Apps with F5 (F5) As customers and regulators have become more aware of the volume and variety of mobile app security risks, the pressure to provide protection against data breaches, bad bots, mobile app abuse, and leaked data from mobile apps has ramped up considerably.
Cyolo’s Newly-Formed Security Research Team Presents Critical Vulnerability Findings at BSides Las Vegas 2023 (Business Wire) Security research team to empower enterprises with proactive insights into emerging threats introducing recently uncovered critical vulnerabilities presenting significant security risks and compliance issues.
Incode recognized in Gartner® Hype Cycle for Digital Identity (PR Newswire) Incode Technologies Inc., a leading provider of world-class identity verification and authentication solutions for global enterprises, today...
Introducing Sme AI, Gurucul’s Generative AI Assist, to Accelerate Threat Detection, Supercharge Investigations and Empower Rapid Response (Business Wire) Purpose-built capability uses ChatGPT, other Large Language Models and Machine Learning techniques to securely harness the power of AI to combat modern threats
Enhancing Citrix Workspace with SecureAuth's Arculix: A New Standard in Passwordless Continuous Authentication (SecureAuth) Note: This was co-authored by Faranak Talebi, Integrations Engineer at SecureAuth. In the digital era, the seamless integration of various platforms is crucial for efficient and secure operations. SecureAuth’s Arculix, an award-winning platform in next-gen passwordless continuous authentication, is setting new standards in this domain. Today, we announce how Arculix enhances the capabilities of Citrix […]
Checkly Advances Monitoring as Code with New User-Centric Features (PRWeb) Introduction of Code Exporter and Activity Log Simplify User Workflows and Accelerate Ado
Adaptive Shield Launches Identity Threat Detection and Response (Business Wire) New capabilities for SaaS will help organizations mitigate identity-centric threats
Syxsense Announces AI-Powered Cortex Copilot Bringing Natural Language Processing to Endpoint Management and Security Automation (Business Wire) Teams can interact with the platform using natural language queries for task generation and intelligent script handling to dramatically speed development and execution of a variety of endpoint management and security workflow automations
The Virtru Data Security Platform Achieves FedRAMP Authorization (GlobeNewswire News Room) Virtru’s Platform empowers public- and private-sector organizations to scale data-centric protections across sensitive data workflows through stringent...
NetNut Continues to Position Itself as a Leader in the European Privacy Market (GlobeNewswire News Room) Following last year’s successful onboarding of new customers, NetNut is to showcase its technology in several conferences across Europe Tel Aviv,...
LifeRaft Partners with Kaseware to Enhance Case Management and Governance (GlobeNewswire News Room) LifeRaft, a leading Open Source Intelligence (OSINT) platform committed to the pursuit of zero...
Strider Technologies Announces Launch of Strider Sentry to Enable Organizations to Identify and Respond to State-Sponsored Risks to Their Talent (Strider Technologies) Strider Technologies, Inc. ("Strider"), the leading provider of strategic intelligence, today launched Sentry, a risk intelligence solution that empowers organizations to safely protect their intellectual property (IP) and technology by instantly illuminating potential connections to state-sponsored risk for talent, partners, and collaborators.
Exabeam and Cribl Announce Strategic Partnership to Accelerate Threat Detection, Investigation, and Response (Cribl) New partnership gives enterprises more control over their data, accelerates SIEM deployments, and mitigates risk
AI Cybersecurity Pioneer, BlackBerry Introduces Major Update to Next-Generation AI Engine (BlackBerry) BlackBerry Limited (NYSE: BB; TSX: BB) today announced a major update to its patented Cylance® AI engine, marking a significant leap forward in predicting cyberattacks for proactive cyber defense. Predictive cybersecurity is a must for emerging cyber risks and seen as the future of cybersecurity.
SentinelOne® Streamlines Vulnerability Management with Singularity™ Ranger Insights (Business Wire) Groundbreaking solution provides single console from which companies can continuously identify and prioritize threats, manage risk on all devices
Versa Networks Zero Trust Network Access Earns RECOMMENDED Rating from Independent Testing Lab CyberRatings.org (Business Wire) In Real World Testing, Versa ZTNA Delivered 930 Mbps Rated Throughput Performance and Passed All Authentication & Identity, Resource Access, Routing & Policy Enforcement, and TLS/SSL Functional Tests
Alkira and Itential Join Forces to Simplify Automation of Cloud Networks (PR Newswire) Alkira, the pioneer in agentless, multi-cloud networking, and Itential, the leader in network and cloud automation software, today announced...
Appdome Launches Cyber Community Program with Pen Testers Around the World (PR Newswire) Appdome, the one-stop shop for mobile app defense, today announced the launch of its new Mobile App Defense Project, a community program aimed...
Vicarius Introduces vuln_GPT: The World’s First LLM Model to Find and Fix Software Vulnerabilities (Business Wire) Free and powerful new remediation engine enables cybersecurity teams to use generative AI to reduce MTTR (mean time to remediate)
Technologies, Techniques, and Standards
Internet shutdowns: here’s how governments do it (The Conversation) There are different tactics that governments can use to block the internet, some more sophisticated than others.
Updated NIST cyber framework focuses on governance (Nextgov.com) The National Institute of Standards and Technology is seeking public feedback on its revamped Cybersecurity Framework, which includes guidance on operationalizing cyber best practices.
Open Cybersecurity Schema Framework (OCSF) Takes Flight with v1.0 Schema Release (Splunk-Blogs) The Open Cybersecurity Schema Framework (OCSF) celebrates its first anniversary with the launch of a new open data schema.
XDR Alliance Releases New Open-source API Specifications to Help Cybersecurity Vendors Improve Solution Integration (Business Wire) Customers benefit from more effective threat detection, investigation, and response (TDIR)
GDPR compliance is not cybersecurity, says analyst (Cybernews) Fines levied under the EU’s General Data Protection Regulation (GDPR) laws are forcing businesses to rethink their cybersecurity strategies. But experts are voicing fears that, while this compliance might look good on paper, it doesn’t add up to better protection in real life and may end up costing them more as a result.
NSA Transitions SharkSeer Cyber Defense Tool to DISA Oversight (Executive Gov)
Council Post: What To Do If You Can’t Patch A Software Vulnerability (Forbes) There are times when a patch is simply not available or one exists but can't be quickly implemented.
What Doctors Wish You Knew About HIPAA and Data Security (WIRED) Think US health data is automatically kept private? Think again.
10 Key Controls to Show Your Organization Is Worthy of Cyber Insurance (Dark Reading) More-effective cyber-risk management controls can help bolster a company's policy worthiness. Start with these 10 tips to manage risk as underwriter requirements get more sophisticated.
Serious Security: Why learning to touch-type could protect you from audio snooping (Naked Security) Fast, quiet, smooth, consistent and low impact… why true hacker-grade touch-typing might keep you more secure.
Getting the best possible outcome in ransomware negotiation (Help Net Security) Working with a ransomware negotiation service offers several advantages that can greatly benefit an organization facing a cyberattack.
Design and Innovation
Abnormal Announces New Capability to Detect AI-Generated Email Attacks (Abnormal) New CheckGPT tool evaluates the likelihood of email attacks being created by generative AI chatbots including ChatGPT
Generative AI hype evolving into reality in data, analytics (Business Analytics | TechTarget) The practice of using generative AI and large language models to augment data and analytics operations is moving beyond the hype and becoming a reality.
Research and Development
DOE Announces $40 Million for Research on Distributed Resilient Systems for Science (HPCwire) The U.S. Department of Energy (DOE) announced $40 million in funding for five collaborative projects in distributed resilient systems for science.
Academia
Amazon pledges $20 million for Biden’s school cybersecurity plan (Seattle Times) Amazon’s web services division is offering $20 million in cybersecurity grants to K-12 schools as part of a new White House initiative designed to help shield the nation’s elementary, middle, and high schools from attacks targeting school records and operations.
Legislation, Policy, and Regulation
Pentagon to share intelligence with Japan despite China hacking report (The Asahi Shimbun) The Pentagon said on Tuesday it was confident about sharing intelligence with Japan, despite a U.S. news report saying Chinese military hackers gained access to Japan’s most sensitive defense networks.
Why the China cyber threat demands an airtight public-private response (C4ISRNet) CISA’s Shields Up program was launched in 2022 to foster information sharing about cybersecurity threats, products, and other resources.
India Data Protection Bill Approved, Despite Privacy Concerns (Dark Reading) Opponents claim the new bill hinders right to information, while there are concerns on data transfers outside the country.
China's draft measures demand 'individual consent' for facial recognition use (TechCrunch) The pervasive use of facial recognition technology across all facets of life in China has elicited both praise for its convenience and backlash around privacy concerns. The widespread adoption has also fueled the exponential growth of valuations in companies specializing in the field, such as AI giants SenseTime and Megvii. Now the industry is facing […]
China floats rules for facial recognition technology (Register) Regulator says with a straight face that it should not be allowed to analyze ethnicity
German, Dutch authorities vouch for security of ZTE optical networking products (ComputerWeekly) Leading Chinese technology provider reveals it has successfully passed one of the most authoritative security certifications in the world for its optical transport network products.
US lawmakers raise security concerns about Chinese cellular modules (The Economic Times) Cellular modules are components that enable internet of things (IoT) devices to connect to the internet.
White House Holds First-Ever Summit on the Ransomware Crisis Plaguing the Nation’s Public Schools (SecurityWeek) The White House on August 8th held its first-ever cybersecurity “summit” on the ransomware attacks plaguing U.S. schools.
Schools may have a long way to go to protect against cyberattacks (Washington Post) On the same day education and technology leaders came to the White House to discuss cyberattacks on schools and commitments from industry, a ransomware gang calling itself Medusa appeared to add the 1,000-student Emerson, N.J., public school district to its hostage list.
Polish Health Minister Resigns Amid Outcry Over Data Breach (BNN Bloomberg) Polish Health Minister Adam Niedzielski quit after he disclosed the sensitive medical data of a doctor, sparking a public outcry and calls for his resignation two months before a tightly contested parliamentary election.
For TSA’s updated Pipeline Security Directive, consistency and collaboration are key (Help Net Security) With the latest pipeline security directive update, TSA has augmented requirements to include evaluating cybersecurity assessment plans.
WSJ News Exclusive | New York State to Debut First Cybersecurity Strategy (Wall Street Journal) State will upgrade networks, provide free cybersecurity tools and consider new regulations
Litigation, Investigation, and Law Enforcement
Microsoft, State, Commerce in Crosshairs After Massive Email Hack (FEDmanager) Members of both chambers of Congress are demanding answers from government agencies and Microsoft after the recent hacking of emails of high-ranking U.S. officials. Last month, Microsoft disclosed that Chinese hackers allegedly hacked into email accounts affecting approximately 25 organization
Notorious phishing platform shut down, arrests in international police operation (Interpol) The platform sold hacking tools to more than 70,000 users in 43 countries
Interpol takes down 16shop phishing-as-a-service platform (BleepingComputer) A joint operation between Interpol and cybersecurity firms has led to an arrest and shutdown of the notorious 16shop phishing-as-a-service (PhaaS) platform.
Banks hit with $549 million in fines for use of Signal, WhatsApp to evade regulators’ reach (CNBC) Wells Fargo, a relatively small player on Wall Street, racked up the most fines Tuesday, with a total of $200 million in penalties.
US Navy sailor's mom encouraged him to pass military details to China, prosecutor says (AP News) A federal prosecutor has told a judge that the mother of a U.S. Navy sailor charged with providing sensitive military information to China encouraged him to cooperate with a Chinese intelligence officer.